Temu U-turns on terms of cash 'giveaway' offer
Chinese e-retailer Temu has significantly changed the terms of a cash giveaway after customers expressed concerns.
Participants in the promotion - which has gone viral on social media - receive up to £50, but had to agree to permanently hand over considerable amounts of personal data.
Previously, Temu had said these were "standard terms and conditions".
But now it says it has "tweaked" those terms because they were "overly broad".
Data watchdog the Information Commissioner's Office, which had been looking into concerns about Temu's offer, said it would "continue to consider the concerns raised".
The Chinese-owned online marketplace launched in the US in 2022 and the UK last year.
It has been described as "Amazon on steroids" by retail experts and is known for selling goods at extremely cheap prices, using the slogan "shop like a billionaire".
But it has faced criticism from politicians, with a US government investigation finding an "extremely high risk" that products on Temu could have been made with forced labour.
What is Temu's campaign?
The firm's giveaway gives new users 24 hours to sign up other people using a shareable link so each receive a cash reward of between £40 and £50 - paid to their PayPal accounts - or in Temu store credit.
Existing Temu account holders can also participate, but appear to have to reach a higher threshold for such rewards.
Thousands of users eager to cash in on the promotion have been seen posting links across social media sites.
But it has also been the subject of memes and posts scrutinising the rules.
The section receiving the most scrutiny states that "except to the extent prohibited by applicable law", participants give the company consent to use and publish their "photo, name, likeness, voice, opinions, statements, biographical information, and/or hometown and state" for advertising or promotional purposes.
It adds this can take place in any media worldwide and "in perpetuity" - meaning with no fixed end date.
One such post on X (formerly Twitter) with screengrabs of the campaign's usage and publicity rules has been viewed more than two million times, according to the platform's metrics.
A number of other X users claimed the rules would allow Temu to sell their data or even create deepfake adverts - though those claims were strenuously denied by the retailer.
But now, the fast growing, Chinese-owned retailer has changed those rules, saying "some participants" in the cash offer had "expressed concern".
It said it had "tweaked" the terms and conditions "to make it clear that we only ever use username and profile pictures in this promotion for referral functionality and winner announcements".
"The previous terms and conditions were overly broad and inadvertently included promotional uses that Temu does not engage in," it added.
"Customer trust and satisfaction is at the heart of Temu, and we do not and will not sell customer data."
This is a U-turn compared with previous statements from the company.
Previously, a Temu spokesperson had said giveaways were commonplace across many firms and different industries, and cited its e-commerce rival Shein as an example of a firm running promotions with "nearly identical terms and conditions".
"If these standard terms and conditions for run-of-the-mill promotional activities are newsworthy, then we urge you to be fair and report on their use by other companies instead of singling out Temu," the spokesperson had said.
Sensitive data
Experts had also raised concerns about the terms of the promotion.
"Giving away permission for Temu to use your 'voice' and 'biographical information' will understandably concern its customers," said Lisa Webb, Which? consumer law expert.
"These offers are going viral on social media, including to young people, but consumers should definitely consider whether they are comfortable giving this sensitive data away in return for cash."
She had added that "while Temu isn't the first platform to excessively hoover up data, there are definite question marks over whether requesting permission for personal data to be used 'worldwide' is proportionate in any circumstances".
Jonathan Kirsop, data protection partner at law firm Pinsent Mason, had told BBC News it was not a wording he had seen used commonly before and the activity implied may have been "problematic".
The previous terms could have fallen foul of UK data protection rules, which require user consent to be freely given, specific and able to be withdrawn in order for it to be relied upon as a reason for data processing.
"While not always prohibited, making the provision of services conditional on a consent to the use of personal data will often be unlawful on the basis the user may not be considered to have a free choice in delivering that consent, particularly where the data concerned is sensitive, such as biometric data," he said.
The use of voice data - which is considered biometric data under the UK's General Data Protection Regulation (GDPR) - has a higher threshold for lawful use and consent in the UK because it carries greater risks, he added.
'Clear and transparent'
The data regulator, the Information Commissioner's Office, had previously said it was "aware of reports about Temu" and was "considering the concerns raised."
In a fresh comment, made after Temu altered the terms and conditions, the data watchdog said: "Organisations must be clear and transparent about how and why they collect and use people's personal information, and ensure people can make a fully informed decision as to whether to hand over their data."
"We are aware of reports about Temu, and subsequent updates to the terms and conditions, and continue to consider the concerns raised."
Awais Rashid, professor of cyber security at the University of Bristol, had told BBC News that apps collecting a lot of data - often more than they actually need from users - had become commonplace.
He said this, as well as cash incentives or long, sometimes "indecipherable" privacy policies and terms, can make the decision more difficult and imbalanced when deciding whether or not we as individuals should part with our data to use a service.
"Whenever there is such a deal being offered we must always look at: what is the consequence of this, and how much of our data is going to be collected, how it is going to be used, and are we comfortable with that?" he said.
-bbc